SAML and user provisioning with ADFS
This page covers what to do if you use ADFS and you’d like to use SAML or user provisioning to integrate ADFS with Atlassian Cloud.
If you're already using Office 365, you should have already synced your users from ADFS to Azure Active Directory. If your organization isn't using Azure AD or another cloud identity provider like Okta, OneLogin, or Centrify, we recommend investigating these products in order to get the best support integrating identity management with SaaS applications like Atlassian Cloud.
To integrate Atlassian Cloud with ADFS, you’ll connect your on-premises Active Directory to a supported identity provider. This connection will sync your users’ account details between your identity provider and Atlassian Cloud products. From there, each user can log in with the same details for both.
SAML with ADFS
We're currently considering ADFS as one of our supported identity providers for SAML SSO. See ACCESS-597 for updates or to watch this issue.
Atlassian Cloud supports many identity providers for SAML. While we don’t officially support ADFS with SAML, you can configure SAML directly with ADFS using our setup details for unsupported identity providers.
Because we support just-in-time provisioning for SAML, we’ll create an Atlassian account for a user who logs in to any of your site’s products.
ADFS doesn’t currently support automatically deactivating a user. If you deactivate a user from your identity provider, you must also deactivate the user from your Atlassian Cloud organization.
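Because deactivation is manual, it helps to periodically reconcile the two user lists. The following is an added example, not Atlassian's code: it compares a CSV export of Active Directory accounts with a CSV export of Atlassian accounts and reports Atlassian accounts that are still active although the directory account is disabled. It goes one step beyond the case above by also flagging active accounts with no directory entry at all. The column names and sample rows are assumptions constructed for the example.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions for this example.
AD_EXPORT = """mail,Enabled
alice@example.com,True
Bob@Example.com,False
carol@example.com,True
"""

ATLASSIAN_EXPORT = """email,account_status
alice@example.com,active
bob@example.com,active
carol@example.com,inactive
dave@example.com,active
"""


def _norm(email):
    # Email comparison must ignore case and stray whitespace in exports.
    return email.strip().lower()


def load_ad(text):
    """Map normalized email -> True if the AD account is enabled."""
    return {_norm(r["mail"]): r["Enabled"].strip().lower() == "true"
            for r in csv.DictReader(io.StringIO(text)) if r["mail"].strip()}


def load_atlassian_active(text):
    """Set of normalized emails whose Atlassian account is still active."""
    return {_norm(r["email"]) for r in csv.DictReader(io.StringIO(text))
            if r["account_status"].strip().lower() == "active"}


def find_stale_accounts(ad_text, atlassian_text):
    """Return active Atlassian accounts that should be reviewed for deactivation."""
    ad = load_ad(ad_text)
    active = load_atlassian_active(atlassian_text)
    return {
        "disabled_in_ad": sorted(e for e in active if ad.get(e) is False),
        "missing_from_ad": sorted(e for e in active if e not in ad),
    }


if __name__ == "__main__":
    for reason, emails in find_stale_accounts(AD_EXPORT, ATLASSIAN_EXPORT).items():
        for email in emails:
            print(f"{reason}: {email} is still active in Atlassian Cloud")
```

Accounts listed under `missing_from_ad` may be legitimate (for example, external collaborators), so treat that list as a review queue rather than an automatic deactivation list.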
User provisioning with ADFS
Supported identity providers for user provisioning currently include Azure AD and Okta. While we don’t officially support ADFS with user provisioning, you can sync your on-premises ADFS with a supported identity provider.
If you use an unsupported identity provider, you can use the user provisioning API to create your own integration that allows you to manage users and groups.